[whatwg] Proposal for cross domain security framework from Frode Børli on 2008-06-23 (public-whatwg-archive@w3.org from June 2008)

From: Frode Børli <frode@seria.no>
Date: Mon, 23 Jun 2008 14:18:22 +0200
Message-ID: <31fb000f0806230518h739e5130oa9828b2bbabe48b3@mail.gmail.com>

Hi! Thank you for pointing to that document. I quickly scanned trough
it but I have a small problem with the specification: does it require
web servers to check the Origin header? What happens with older web
applications that do not check this header?

Frode

2008/6/23 Anne van Kesteren <annevk at opera.com>:
> On Mon, 23 Jun 2008 09:34:27 +0200, Frode B?rli <frode at seria.no> wrote:
>>
>> [...]
>
> I'd suggest looking into the work the W3C has been doing on this for the
> past two years:
>
>  http://dev.w3.org/2006/webapi/XMLHttpRequest-2/
>  http://dev.w3.org/2006/waf/access-control/
>
>
> --
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>
>

-- 
Best regards / Med vennlig hilsen
Frode B?rli
Seria.no

Mobile:
+47 406 16 637
Company:
+47 216 90 000
Fax:
+47 216 91 000

Think about the environment. Do not print this e-mail unless you really need to.

Tenk milj?. Ikke skriv ut denne e-posten dersom det ikke er n?dvendig.

Received on Monday, 23 June 2008 05:18:22 UTC